CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

OSV•added 2026/06/16 2:14 a.m.•6 views

MAL-2026-5857 Malicious code in event-metrics-q3x7 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9b805c0ac88b45f49b1698fb9ea33e00767380544221d574a0da0e0f526d07f8 On install, package.json runs a postinstall hook node run.js that triggers beacon scripts beacon20.js, beaconlinux.js shipped in the tarball. The...

5.8AI score

Exploits0References10

OSSF Malicious Packages•added 2026/06/11 7:39 a.m.•12 views

Malicious code in tailwind-animator-scroll (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f89c3c4c01375bc7baef213c815a901ac3947eaf3835aa80ea67a725ece8d533 The package's main entry src/index.js appends, after a large whitespace gap following the legitimate-looking Tailwind plugin code, an...

5.6AI score

OSSF Malicious Packages•added 2026/06/10 10:38 p.m.•8 views

Malicious code in icinga (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fbedb312e9cfe0f5cc7783487adc963f142ebcaefa0fb9305a9a535f373b052d PyPI package 'icinga' at version 99.1.0 is a dependency-confusion / typosquat lure against the Icinga monitoring project. It ships no real...

OSSF Malicious Packages•added 2026/06/09 5:43 p.m.•10 views

Exploits0References3

Malicious code in exodus-secure-container (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 92bc77b12251baa18392bd90e84d6bdc57aaef9a8c774f8cb29a0066e80f76b5 On npm install, the package runs node src/canary.js as a postinstall hook. That script performs a DNS lookup and HTTPS GET to the hardcoded host...

5.4AI score

OSSF Malicious Packages•added 2026/06/09 5:29 p.m.•11 views

Malicious code in ui-ng-components (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 198750c8e5d6f4d8a3f3f788a2fd9286f43b5a447bb0e3495b50663c44ddd2a7 Package [email protected] is an empty shell index.js exports , no author, no description, no functionality with a single dependency declared as...

5.6AI score

OSV•added 2026/06/09 5:29 p.m.•10 views

MAL-2026-5454 Malicious code in ui-ng-components (npm)

5.6AI score

OSV•added 2026/06/05 12:53 a.m.•8 views

MAL-2026-5255 Malicious code in executable-stories-mcp (npm)

--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security a6c7977dbc054cdb7fe56da0d2fbd26e2a6fed695deb4263ccbf4adfedd86acb The Miasma malware is a self-propagating worm that spreads across the npm registry by abusing weaponized binding.gyp files to achieve...

OSSF Malicious Packages•added 2026/06/05 12:53 a.m.•10 views

Malicious code in awaitly-mongo (npm)

OSSF Malicious Packages•added 2026/06/05 12:53 a.m.•9 views

Malicious code in @forjacms/client (npm)

OSSF Malicious Packages•added 2026/06/05 12:53 a.m.•9 views

Malicious code in autotel-devtools (npm)

OSSF Malicious Packages•added 2026/06/05 12:53 a.m.•10 views

Malicious code in eslint-plugin-executable-stories-playwright (npm)

OSSF Malicious Packages•added 2026/06/05 12:53 a.m.•11 views

Malicious code in awaitly-analyze (npm)

OSV•added 2026/06/05 12:53 a.m.•7 views

MAL-2026-5207 Malicious code in @forjacms/sections (npm)

OSV•added 2026/06/05 12:53 a.m.•9 views

MAL-2026-5247 Malicious code in eslint-plugin-executable-stories-jest (npm)

OSV•added 2026/06/05 12:53 a.m.•10 views

MAL-2026-5241 Malicious code in create-wrangler-deploy (npm)

OSV•added 2026/06/05 12:53 a.m.•8 views

MAL-2026-5260 Malicious code in mountly (npm)

OSSF Malicious Packages•added 2026/05/26 2:40 a.m.•12 views

Malicious code in mistral-workflows-plugins-mistralai (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 012c4d9df9467f9847a67be15a746ea186f36d3310d278ca9409d531f5026e12 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

5.9AI score